Secure content sharing

ABSTRACT

Technologies for sharing secure content include a source computing device to determine a content use policy for content of the source computing device. The content use policy defines at least one location at which a destination computing device is permitted to access the content. The source computing device encrypts the content with an encryption key to generate encrypted content, generates a secure content package, and transmits the secure content package to the destination computing device. The secure content package includes the encrypted content and the content use policy.

BACKGROUND

Mobile computing devices such as smartphones, tablet computers, and laptop computers have facilitated the rapid increase in content generation and sharing between consumers. In fact, many individuals visit social network websites or applications on a daily basis to share their own content (e.g., vacation pictures or “selfies”) or browse content distributed by their friends. Content is also shared between parties for business purposes and for a multitude of other reasons. As such, the content generated by mobile computing devices and/or shared among users may include personal data, proprietary data, or otherwise confidential or private data.

A wide array of technologies and mechanisms exist to secure and maintain the privacy of data. For example, data may be encrypted and stored in secure memory when not in use by one's own computing device. However, maintaining the security of data once it has been shared with another presents additional challenges due to a general loss of control over the data. For example, encrypted data may be transmitted to another computing device that has access to the cryptographic decryption key necessary to decrypt the data. Although the communication channel may be secure, once the data is decrypted by the receiving computing device, control over the data by the sending computing device is typically lost and the data may be, for example, modified, shared, or otherwise treated as unimportant data.

BRIEF DESCRIPTION OF THE DRAWINGS

The concepts described herein are illustrated by way of example and not by way of limitation in the accompanying figures. For simplicity and clarity of illustration, elements illustrated in the figures are not necessarily drawn to scale. Where considered appropriate, reference labels have been repeated among the figures to indicate corresponding or analogous elements.

FIG. 1 is a simplified block diagram of at least one embodiment of a system for securely sharing content between computing devices;

FIG. 2 is a simplified illustration of at least one embodiment of a computing device of the system of FIG. 1;

FIG. 3 is a simplified block diagram of at least one embodiment of an environment of a source computing device of the system of FIG. 1;

FIG. 4 is a simplified block diagram of at least one embodiment of an environment of a destination computing device of the system of FIG. 1;

FIG. 5 is a simplified flow diagram of at least one embodiment of a method for securely sharing content by the source computing device of the system of FIG. 1;

FIG. 6 is a simplified flow diagram of at least one embodiment of a method for selecting location destination devices to add to a content use policy by the source computing device of the system of FIG. 1;

FIGS. 7 and 8 are a simplified flow diagram of at least one embodiment of a method for accessing content by the destination computing device of the system of FIG. 1;

FIG. 9 is a simplified flow diagram of at least one embodiment of a method for enforcing an access policy by the destination computing device of the system of FIG. 1; and

FIG. 10 is a simplified flow diagram of at least one embodiment of a method for enforcing a location policy by the destination computing device of the system of FIG. 1.

DETAILED DESCRIPTION OF THE DRAWINGS

While the concepts of the present disclosure are susceptible to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and will be described herein in detail. It should be understood, however, that there is no intent to limit the concepts of the present disclosure to the particular forms disclosed, but on the contrary, the intention is to cover all modifications, equivalents, and alternatives consistent with the present disclosure and the appended claims.

References in the specification to “one embodiment,” “an embodiment,” “an illustrative embodiment,” etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may or may not necessarily include that particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described. Additionally, it should be appreciated that items included in a list in the form of “at least one A, B, and C” can mean (A); (B); (C); (A and B); (B and C); or (A, B, and C). Similarly, items listed in the form of “at least one of A, B, or C” can mean (A); (B); (C); (A and B); (B and C); or (A, B, and C).

The disclosed embodiments may be implemented, in some cases, in hardware, firmware, software, or any combination thereof. The disclosed embodiments may also be implemented as instructions carried by or stored on one or more transitory or non-transitory machine-readable (e.g., computer-readable) storage medium, which may be read and executed by one or more processors. A machine-readable storage medium may be embodied as any storage device, mechanism, or other physical structure for storing or transmitting information in a form readable by a machine (e.g., a volatile or non-volatile memory, a media disc, or other media device).

In the drawings, some structural or method features may be shown in specific arrangements and/or orderings. However, it should be appreciated that such specific arrangements and/or orderings may not be required. Rather, in some embodiments, such features may be arranged in a different manner and/or order than shown in the illustrative figures. Additionally, the inclusion of a structural or method feature in a particular figure is not meant to imply that such feature is required in all embodiments and, in some embodiments, may not be included or may be combined with other features.

Referring now to FIG. 1, in the illustrative embodiment, a system 100 for sharing content 110 between computing devices includes a source computing device 102, a local network 104, one or more local destination computing devices 106, a network 112, and a remote destination computing device 114. Although only one source computing device 102, local network 104, network 112, and remote destination computing device 114 are shown in FIG. 1, it should be appreciated that the system 100 may include multiple source computing devices 102, multiple local networks 104, multiple networks 112, and/or multiple remote destination computing devices 114 in other embodiments. Similarly, although the illustrative embodiment of FIG. 1 shows three local destination computing devices 106, the system 100 may include a different number of local destination computing devices 106 in other embodiments. It should further be appreciated that, in some embodiments, the system 100 may include one or more other computing devices (e.g., a cryptographic key management server) configured to communicate with the source computing device 102, the local destination computing devices 106, and/or the remote destination computing device 114.

The source computing device 102, the local network 104, and the local destination computing devices 106 may be situated in a local environment 108 (e.g., in the vicinity of the source computing device 102), and the remote destination computing device 114 may be outside the local environment 108. In use, as described in more detail below, the source computing device 102 is configured to securely distribute content to one or more of the destination computing devices 106, 114. In the illustrative embodiment, the source computing device 102 encrypts the content 110, determines a content use policy associated with the content 110, and generates a secure content package to be transmitted to the destination computing device 106, 114 for enforcement of the content use policy by the destination computing device 106, 114. In this way, the source computing device 102 is able to maintain control over the security of the content 110 after sharing the content 110 with the destination computing device 106, 114. As discussed below, the source computing device 102 may share the content 110 with a local destination computing device 106 within the proximity of the source computing device 102 or a remote destination computing device 114 in a location for which the content use policy authorizes access to the content 110. In another embodiment, the source computing device 102 may share the content 110 with a server or other intermediary device (e.g., in a cloud environment) for subsequent transmittal to a destination computing device 106, 114.

Each of the source computing device 102, the local destination computing devices 106, and the remote destination computing device 114 may be embodied as any type of computing device capable of performing the functions described herein. For example, each of the computing devices 102, 106, 114 may be embodied as a server, desktop computer, laptop computer, tablet computer, notebook, netbook, ultrabook™, cellular phone, smartphone, wearable computing device, personal digital assistant, mobile Internet device, Hybrid device, and/or any other computing/communication device. It should be appreciated that, in some embodiments, the source computing device 102, the local destination computing devices 106, and the remote destination computing device 114 may include similar features and/or components.

As discussed above, the source computing device 102 may communicate with the local destination computing devices 106 over a local network 104 and/or with the remote destination computing device 114 over a network 112. It should be appreciated that the local network 104 and the network 112 may be embodied as any number of various wired and/or wireless telecommunication networks. As such, the networks 104, 112 may include one or more networks, routers, switches, computers, and/or other intervening devices. For example, the networks 104, 112 may be embodied as or otherwise include one or more cellular networks, telephone networks, local or wide area networks, publicly available global networks (e.g., the Internet), or any combination thereof.

Referring now to FIG. 2, each of the illustrative computing devices 102, 106, 114 includes a processor 210, an input/output (“I/O”) subsystem 212, a memory 214, a data storage 218, one or more input devices 220, and one or more output devices 222. The I/O subsystem 212 of the computing device 102, 106, 114 includes a security engine 224 and may include a secure media path circuitry 226. In the illustrative embodiment, the input devices 220 include one or more sensors 228 (e.g., location sensors 234 and/or environment sensors 236), a camera 230, and may also include a biometric capturing device 232; and the output devices 222 include a display 238. The computing device 102, 106, 114 further includes a communication circuitry 240 and one or more peripheral devices 242. Of course, any one or more of the computing device 102, 106, 114 may include other or additional components, such as those commonly found in a typical computing device (e.g., various input/output devices and/or other components) in other embodiments. Additionally, in some embodiments, one or more of the illustrative components may be incorporated in, or otherwise form a portion of, another component. For example, the memory 214, or portions thereof, may be incorporated in the processor 210 in some embodiments.

The processor 210 may be embodied as any type of processor capable of performing the functions described herein. For example, the processor may be embodied as a single or multi-core processor(s), digital signal processor, microcontroller, or other processor or processing/controlling circuit. Similarly, the memory 214 may be embodied as any type of volatile or non-volatile memory or data storage capable of performing the functions described herein. In operation, the memory 214 may store various data and software used during operation of the computing device 102, 106, 114 such as operating systems, applications, programs, libraries, and drivers. The memory 214 is communicatively coupled to the processor 210 via the I/O subsystem 212, which may be embodied as circuitry and/or components to facilitate input/output operations with the processor 210, the memory 214, and other components of computing device 102, 106, 114. For example, the I/O subsystem 212 may be embodied as, or otherwise include, memory controller hubs, input/output control hubs, firmware devices, communication links (i.e., point-to-point links, bus links, wires, cables, light guides, printed circuit board traces, etc.) and/or other components and subsystems to facilitate the input/output operations. In some embodiments, the I/O subsystem 212 may form a portion of a system-on-a-chip (SoC) and be incorporated, along with the processor 210, the memory 214, and other components of the computing device 102, 106, 114, on a single integrated circuit chip. As shown in the illustrative embodiment, the memory 214 may include a secure memory 216 to store, for example, cryptographic keys, biometric data, the decrypted content, the secure content package, authentication data, and/or other secure data. In some embodiments, the secure memory 216 may be embodied as a memory device separate from the main memory 214.

As indicated above, in some embodiments, the I/O subsystem 212 includes a security engine 224 and a secure media path circuitry 226. The security engine 224 may be embodied as any combination of hardware, firmware, and/or software component(s) capable of establishing a secure environment 310 (see FIG. 3). For example, the security engine 224 may be embodied as a Trusted Platform Module (TPM), a management engine (ME), or an out-of-band processor. The secure media path circuitry 226 may be used in conjunction with the secure memory 216 to provide hardware reinforced security between applications and hardware. In one embodiment, Protected Audio Video Path (PAVP) technology may be employed to implement such hardware reinforced security using the secure memory 216 and the secure media path circuitry 226. Additionally, the secure media path circuitry 226 may include secure media channels capable of facilitating secure communication between the input devices 220, the output devices 222, and other components of the computing device 102, 106, 114. It should be appreciated that the computing device 102, 106, 114 may utilize any number of additional security technologies such as, for example, Secure Enclaves (SE), Trusted Execution Technology (TXT), Virtualization Technology, trusted input/output, and/or other security technologies or mechanisms.

The data storage 218 may be embodied as any type of device or devices configured for short-term or long-term storage of data such as, for example, memory devices and circuits, memory cards, hard disk drives, solid-state drives, or other data storage devices. The data storage 218 and/or the memory 214 may store various data during operation of the computing device 102, 106, 114 such as, for example, sensor data, captured images, biometric data, and/or other data useful in the operation of the computing device 102, 106, 114. The input devices 220 may include any number of peripheral or integrated devices suitable for receiving input from a user of the computing device 102. As indicated above, the input devices 220 may include one or more sensors 228, a camera 230, and/or a biometric capturing device 232. The sensors 228 collect data regarding the environment of the computing device 102, 106, 114, the computing device 102, 106, 114 itself, and/or other data to be used in a determination of a location, proximity, and/or context of the computing device 102, 106, 114. In various embodiments, the sensors 228 may be embodied as, or otherwise include, for example, location sensors (e.g., global positioning systems), proximity sensors, inertial sensors, optical sensors, light sensors, audio sensors (e.g., microphones), temperature sensors, motion sensors, piezoelectric sensors, and/or other types of sensors. Of course, the computing device 102, 106, 114 may also include components and/or devices configured to facilitate the use of the sensors 228.

In the illustrative embodiment of FIG. 2, the sensors 228 include the location sensors 234 and the environment sensors 236. As described below, the location sensors 234 may be used to determine, for example, an absolute or relative geographical location of the computing device 102, 106, 114. The environment sensors 236 may be used to determine a surrounding environment of the computing device 102, 106, 114, which may be used, for example, to determine whether another computing device is within a particular range of the computing device 102, 106, 114. For example, as discussed below, the computing device 102, 106, 114 may use audio sensors to determine whether another computing device is in the same room as the computing device 102, 106, 114.

The camera 230 may be embodied as any peripheral or integrated device suitable for capturing images, such as a still camera, a video camera, a webcam, or other device capable of capturing images and/or video. As discussed below, a user of the source computing device 102 may use the camera 230 to capture images/video to share with a destination computing device 106, 114. The biometric capturing device 232 may be embodied as any type of peripheral or integrated biometric capturing device that is capable of generating real-time biometric data of a user of the computing device 102, 106, 114 that may be used to authenticate the user. For example, the biometric capturing device may include the camera 230, a fingerprint scanner, handprint scanner, iris scanner, retinal scanner, voice analyzer, or other device to capture any distinguishable human biometric.

The output devices 222 of the computing device 102, 106, 114 may include any number of peripheral or integrated devices suitable for rendering output to a user of the computing device 102, 106, 114 (e.g., a display 238, speaker, and/or other output device). The display 238 of the computing device 102, 106, 114 may be embodied as any one or more display screens on which information may be displayed to a viewer of the computing device 102, 106, 114. The display 238 may be embodied as, or otherwise use, any suitable display technology including, for example, a liquid crystal display (LCD), a light emitting diode (LED) display, a cathode ray tube (CRT) display, a plasma display, and/or other display technology. Although only a single display 238 is illustrated in FIG. 1, it should be appreciated that the computing device 102, 206, 114 may include multiple displays or display screens on which the same or different content may be displayed contemporaneously or sequentially with each other.

The communication circuitry 240 may be embodied as any communication circuit, device, or collection thereof, capable of enabling communications between the computing device 102, 106, 114 and other remote devices over the network 104, 112. For example, as discussed above, the source computing device 102 may communicate with the local destination computing devices 106 over the local network 104 and/or the remote destination computing device 114 over the network 112. The communication circuitry 240 may be configured to use any one or more communication technologies (e.g., wireless or wired communications) and associated protocols (e.g., Ethernet, Bluetooth®, WiFi®, WiMAX, etc.) to effect such communication.

The peripheral devices 242 may include any number of additional peripheral or interface devices, such as speakers, microphones, additional storage devices, and so forth. The particular devices included in the peripheral devices 242 may depend on, for example, the type and/or intended use of the computing device 102, 106, 114 (e.g., whether the computing device 102, 106, 114 is a desktop computer or a mobile computing device). As shown in FIG. 2, the computing device 102, 106, 114 may also include a database 244. The illustrative database 244 may be embodied as any combination of hardware, firmware, and/or software suitable for performing the functions described herein. For example, in some embodiments, the database 244 may be embodied as a data structure stored on the computing device 102, 106, 114 suitable for recording the content 110, encrypted content, decrypted content, cryptographic keys, biometric data, the secure content package, authentication data, and/or other data. Further, in some embodiments, the database 244 may be stored on, or otherwise form a portion of, the memory 214 or the data storage 218.

Referring now to FIG. 3, in use, the illustrative source computing device 102 establishes an environment 300 for sharing content 110 with one or more destination computing devices 106, 114. As discussed below, the source computing device 102 securely handles content 110 and packages the content 110 for secure consumption by destination computing devices 106, 114. In doing so, the source computing device 102 is able to maintain control over the security of the content 110 after transmitting the content 110 to the destination computing device 106, 114. The illustrative environment 300 of the source computing device 102 includes a secure content management module 302, a secured media path module 304, a device proximity determination module 306, and a communication module 308. In some embodiments, the secure content management module 302 may be executed, or embodied within, a secure environment 310. The secure content management module 302 further includes a user authentication module 312, a secure content use policy generation module 314, and a secure content generation module 316. Additionally, the secure content use policy generation module 314 includes an access policy generation module 318 and a location policy generation module 320. Each of the modules of the environment 300 may be embodied as hardware, software, firmware, or a combination thereof. Additionally, in some embodiments, one or more of the illustrative modules may form a portion of another module (e.g., the device proximity determination module 306 may form a portion of the secure content management module 302).

The secure content management module 302 ensures that the content 110 retrieved from the database 244 or from the camera 230 in real-time is packaged in a secure content package prior to transmission to a destination computing device 106, 114. As indicated above, the secure content management module 302 includes the user authentication module 312, the secure content generation module 316, and the secure content use policy generation module 314. It should be appreciated that the secure content management module 302 may be executed within, or otherwise form a portion of, the security engine 224 in some embodiments.

The user authentication module 312 determines whether the current user of the source computing device 102 is authorized to perform one or more functions of the source computing device 102. For example, in some embodiments, the user authentication module 312 may analyze biometric data of the user and/or other login information to determine whether the user is permitted to access and/or share certain content 110 stored on the source computing device 102 (e.g., for multi-user systems).

The secure content use policy generation module 314 determines a content use policy for content 110 of the source computing device 102. As described in detail below, the content use policy may include access permissions, location restrictions, proximity requirements, and/or other circumstances related to, for example, a time and place at which a destination computing device 106, 114 is permitted to access the content 110. Depending on the particular embodiment, the content use policy may be predetermined or established by the user in real time (e.g., by selecting computing devices with which to share the content 110). In the illustrative embodiment, the content use policy includes an access policy and a location policy.

The access policy generation module 318 establishes access permissions for the content 110 that identify authorized uses of the content 110 by destination computing device 106, 114. In some embodiments, the access policy generation module 318 identifies which destination computing devices 106, 114 are able to read, write, modify, transmit, or otherwise effect the content 110. For example, the access policy generation module 318 may indicate that a first destination computing device 106, 114 is permitted to read the content 110 but not modify the content 110 but that a second destination computing device 106, 114 is permitted to both access and modify the content 110. It should be appreciated that the number and type of access parameters included in the content use policy may vary depending on the particular embodiment.

The location policy generation module 320 establishes locations at which the destination computing devices 106, 114 are permitted to access the content 110. As discussed in detail below, the location policy generation module 320 may establish a geographical location at which the destination computing devices 106, 114 are permitted to access the content 110 and a proximity (e.g., from the geographical location or the source computing device 102) within which the destination computing devices 106, 114 are permitted to access the content 110. Depending on the particular embodiment, the proximity may be defined as a physical distance, an audio proximity, and/or a social network proximity as described below. For example, the location policy generation module 320 may require that the destination computing devices 106, 114 be within a physical distance of a specified geographical location, be able to sense a similar audio environment as the source computing device 102, and/or be “checked in” to the same location as the source computing device 102 on a social network application.

The secure content generation module 316 is configured to encrypt the content 110 with a content encryption key to generate encrypted content and generate a secure content package for transmission. In the illustrative embodiment, the secure content package includes the encrypted content and the content use policy established by the secure content use policy generation module 314. In some embodiments, the secure content package may also include an encrypted content decryption key (i.e., an encrypted version of the decryption key corresponding with the encryption key used to encrypt the content 110). For example, in some embodiments, the content decryption key may itself be encrypted with an asymmetric cryptographic key corresponding with a decryption key of the destination computing device(s) 106, 114 (e.g., a hardware key). For example, the content decryption key may be encrypted with an Enhanced Privacy Identification (EPID) key, another one-to-many cryptographic key, and/or a key associated with hardware of the computing devices 102, 106, 114 in some embodiments.

In other embodiments, the content decryption key may not be included in the secure content package. For example, in one embodiment, the content 110 may instead be directly encrypted with an encryption key accessible to the destination computing device(s) 106, 114 (e.g., an EPID key, a public cryptographic key associated with a private hardware key of the destination computing device(s) 106, 114, a one-to-many cryptographic key, an asymmetric cryptographic key of a public-private key pair for which the destination computing device(s) 106, 114 have the corresponding key of the key pair, or another cryptographic key). In another embodiment, the content encryption key may be retrieved by the source computing device 102 from a key management server prior to encrypting the content 110. As such, the destination computing device 106, 114 may verify its identity and/or the identity of its user to the key management server to retrieve the corresponding content decryption key from the key management server for decryption of the encrypted content. It should be appreciated that the secure content package may also be encrypted prior to transmission to a destination computing device 106, 114. For example, the secure content package may be encrypted with one or more of the cryptographic keys discussed above. Of course, in other embodiments, the secure content package may be unencrypted but may, for example, be accessible only by the security engine 224 or other secure portion of the computing device 102. Further, in one embodiment, the secure content package may include, or may be embodied as, an Intel® Data Use Control object.

As indicated above, the source computing device 102 may include secure media path circuitry 226 to enable secure input/output and handling of data. In such embodiments, the secured media path module 304 may be implemented to facilitate the secure transmission of data through the secure media path circuitry 226.

The device proximity determination module 306 is configured to interpret data received from the input devices 220 (e.g., the sensors 228) to determine the location and/or proximity of the source computing device 102 relative to the destination computing devices 106, 114. For example, the device proximity determination module 306 may determine the geographical location of the source computing device 102 relative to a destination computing device 106, 114. It should be appreciated that the source computing device 102 and the destination computing device 106, 114 may be in close proximity to one another but not in the same room, for example. As such, in some embodiments, the device proximity determination module 306 may analyze audio data sensed by a microphone of the source computing device 102 and compare that data to data sensed by the destination computing device 106, 114 to determine whether the computing devices are in the same physical environment (e.g., within the same room). Additionally, in some embodiments, the device proximity determination module 306 is configured to determine the social network proximity of the source computing device 102 to the destination computing device 106, 114. Further, as discussed in detail below, in some embodiments, the source computing device 102 may communicate with the local destination computing devices 106 to enable the user of the source computing device 102 to select local destination computing devices 106 for which to permit access to the content 110.

The communication module 308 handles the communication between the source computing device 102 and remote devices (e.g., the destination computing devices 106, 114) through the corresponding network 104, 112. As described herein, the communication module 308 may transmit data to other computing devices (e.g., the secure content package) and may also receive data from other computing devices (e.g., data regarding an audio analysis of the environment of a local destination computing device 106 to determine audio proximity).

Referring now to FIG. 4, in use, the illustrative destination computing device 106, 114 establishes an environment 400 for accessing content of the source computing device 102. The illustrative environment 400 of the destination computing device 106, 114 is similar to the environment 300 of the source computing device 102. Specifically, the environment 400 includes a secure content management module 402, a secured media path module 404, a sensor monitoring module 406, and a communication module 308. Similar to the secure content management module 302 of the source computing device 102, the secure content management module 402 of the destination computing device 106, 114 may be executed, or embodied within, a secure environment 410. The secure content management module 402 further includes a secure content policy identification module 412, a secure content use policy enforcement module 414, and a user authentication module 416. Additionally, the secure content use policy enforcement module 414 includes an access policy enforcement module 418 and a location policy enforcement module 420. Each of the modules of the environment 400 may be embodied as hardware, software, firmware, or a combination thereof. Additionally, in some embodiments, one or more of the illustrative modules may form a portion of another module (e.g., the sensor monitoring module 406 may form a portion of the secure content management module 402).

The secure content management module 402 ensures that secure content 422 (e.g., an encrypted version of the content 110) received from the source computing device 102 (e.g., in a secure content package) is handled in a secure manner. As described below, the secure content management module 402 determines the content use policy associated with the secure content 422 and ensures that the policy is enforced. For example, the secure content management module 402 ensures that the content 110 associated with the secure content 422 is not accessible to a user (e.g., viewable on a display 238) unless that user and/or computing device are authorized to have such access. It should be appreciated that the secure content management module 402 may be executed within, or otherwise form a portion of, the security engine 224 in some embodiments.

The secure content policy identification module 412 determines the content use policy associated with the secure content 422 and included in the secure content package. As discussed above, in some embodiments, the secure content package may be encrypted. In such embodiments, the secure content policy identification module 412 retrieves the corresponding decryption key, decrypts the secure content package, and accesses the content use policy for the encrypted content included in the secure content package. For example, as discussed above, the secure content policy identification module 412 may use a hardware cryptographic key or other cryptographic key to decrypt the secure content package in those embodiments.

The secure content use policy enforcement module 414 is configured to determine whether the destination computing device 106, 114 is compatible with the secure content package and capable of enforcing the content use policy. For example, in some embodiments, the destination computing device 106, 114 may only be able to interpret and/or enforce the content use policy if the destination computing device 106, 114 includes a particular hardware, firmware, and/or software component (e.g., the security engine 224). If the secure content use policy enforcement module 414 is compatible with the secure content package and capable of enforcing the content use policy, the secure content use policy enforcement module 414 is configured to enforce the content use policy for the secure content 422 identified by the secure content policy identification module 412. As such, the secure content use policy enforcement module 414 determines whether the destination computing device 106, 114 is permitted to access the content 110 (i.e., a decrypted version of the encrypted secure content 422) based on the content use policy. If so, the secure content use policy enforcement module 414 decrypts the encrypted content with the corresponding content decryption key. It should be appreciated that the content decryption key may be an asymmetric cryptographic key or a symmetric cryptographic key depending on the particular embodiment. Further, as described above, in some embodiments, the content decryption key for the encrypted content may itself be encrypted (e.g., in addition or alternatively to encryption of the secure content package) and included in the secure content package received from the source computing device 102. In such a case, the secure content use policy enforcement module 414 decrypts the content decryption key using a suitable cryptographic key in order to utilize that key to decrypt the encrypted content. In the embodiments described above in which the content decryption key is retrieved by the source computing device 102 from a key management server prior to encrypting the content 110, the destination computing device 106, 114 may instead retrieve the corresponding content decryption key from the key management server (e.g., after successful authentication to the key management server). Further, in embodiments in which the source computing device 102 directly encrypts the content 110 with an encryption key accessible to the destination computing device(s) 106, 114, the destination computing device(s) 106, 114 utilize that cryptographic key (e.g., a hardware key) to decrypt the content 110.

As shown, the illustrative secure content use policy enforcement module 414 includes an access policy enforcement module 418 and a location policy enforcement module 420, which are configured to enforce the corresponding access policy and location policy of the content use policy established by the source computing device 102. As discussed herein, the access policy enforcement module 418 is configured to prevent unauthorized uses of the decrypted content 110 by the destination computing device 106, 114 based on the content use policy (e.g., unauthorized reads, writes, modifications, transmissions, and/or other operations). Of course, the content use policy may permit some users to access the content 110 while preventing others. As such, the user authentication module 416 is configured to authenticate a user of the destination computing device 106, 114 and determine whether the user is permitted to access the content 110. In doing so, the user authentication module 416 may analyze, for example, biometric data of the user and/or other login information.

The location policy enforcement module 420 is configured to permit or restrict access to the content 110 based on, for example, the current location of the destination computing device 106, 114. As discussed below, it should be appreciated that, although the destination computing device 106, 114 may initially be in a location at which the content use policy permits access to the content 110, the destination computing device 106, 114 may change its location and therefore no longer be in compliance with the content use policy. In those circumstances, the location policy enforcement module 420 is configured to employ a location policy enforcement operation to restrict access to the content 110. For example, the location policy enforcement module 420 may delete the content 110 and the decryption key for the content 110, delete the secure content package, re-encrypt the content 110, and/or perform another suitable security operation to restrict access by the user to the content 110.

As described herein, the secure content use policy enforcement module 414 and, in particular, the location policy enforcement module 420, utilizes various data (e.g., environment data and other sensor data) to determine, for example, whether the destination computing device 106, 114 is at a geographical location and/or within a proximity of some location authorized by the content use policy. As such, the sensor monitoring module 406 collects, analyzes, and/or monitors sensor data generated by the sensors 228 of the destination computing device 106, 114. As described herein, the secure content use policy enforcement module 414 may utilize such data to determine, for example, an audio proximity and/or social network proximity of the destination computing device 106, 114 to the source computing device 102.

It should be appreciated that the secured media path module 404 and the communication module 408 may be similar to the corresponding components of the source computing device 102 described above with regard to the environment 300. That is, the secured media path module 404 facilitates the secure transmission of data through the secure media path circuitry 226, and the communication module 408 handles the communication between the destination computing device 106, 114 and remote devices (e.g., the source computing device 102) through the corresponding network 104, 112.

Referring now to FIG. 5, in use, the source computing device 102 may execute a method 500 for securely sharing content of the source computing device 102. The illustrative method 500 begins with block 502 in which the source computing device 102 determines whether to securely share content of the source computing device 102. If so, the source computing device 102 retrieves (e.g., from the database 244) or generates (e.g., in real time) content for sharing in block 504. For example, a user of the source computing device 102 may want to share a group picture with the other people shown in the picture.

In block 506, the source computing device 102 determines the content use policy for the retrieved/generated content. That is, the source computing device 102 or the user of the source computing device 102 determines which users and/or destination computing devices 106, 114 are permitted to access the content and the circumstances under which the access is permitted. In doing so, in the illustrative embodiment, the source computing device 102 determines access policy permissions in block 508 and determines location policy permissions in block 510. As discussed above, in establishing access policy permissions, the source computing device 102 determines which destination computing devices 106, 114 are able to read, write, modify, transmit, or otherwise access/utilize the content. It should be appreciated that the source computing device 102 may identify groups or categories of destination computing devices 106, 114 rather than, or in addition to, identifying particular destination computing devices 106, 114 in some embodiments. For example, the source computing device 102 may determine that any destination computing device 106, 114 having a particular hardware, firmware, and/or software component (e.g., the security engine 224) enabling enforcement of the content use policy may access/read the content (i.e., provided the location policy criteria are satisfied). Depending on the particular embodiment, the access policy permissions may be predetermined (e.g., stored in the database 244) or selected by a user of the source computing device 102 in real time.

As discussed above, in determining the location policy permissions, the source computing device 102 establishes locations at which the destination computing devices 106, 114 are permitted to access the content. For example, the source computing device 102 may determine that one or more destination computing devices 106, 114 are permitted to access the content provided that they are located in a particular geographical location (e.g., the same location as the source computing device 102, at an office building, or at some other location) and the access policy is satisfied (e.g., the destination computing devices 106, 114 are permitted to access the content at all).

In the illustrative embodiment, in determining the location policy permissions, the source computing device 102 also determines proximity requirements of the content use policy in block 512. For example, in one embodiment, the source computing device 102 may establish a content use policy that authorizes local destination computing devices 106 within a “conversational distance” or “ear shot” of the source computing device 102 to access the content. It should be appreciated that a measure of physical distance between the source computing device 102 and a particular local destination computing device 106 may be calculated based on technologies such as, for example, GPS, Wi-Fi, and Bluetooth. However, computing devices 102, 106 within a particular physical distance of one another may nonetheless be outside conversational distance due to physical barriers between the computing devices 102, 106. For example, the computing devices 102, 106 may be in separate rooms or on separate floors of the same building. As such, the source computing device 102 may establish other measures of proximity in the content use policy in various embodiments. For example, as discussed below, the source computing device 102 may require that the local destination computing device 106 be within audio proximity or social network proximity of the source computing device 102. Devices within audio proximity or, more specifically, within near audio proximity of one another, for example, may be defined as those able to “hear” the same or similar audio. Additionally, computing devices 102, 106, 114 within social network proximity of one another may be determined to be those computing devices 102, 106, 114 for which the users have “checked in” to a same physical location on a social network application, computing devices 102, 106, 114 that have shared photos with the same people identified in them, computing devices 102, 106, 114 for which the users are social network “friends,” and/or otherwise determined.

As indicated above, in some embodiments, in determining the location policy permissions, the user of the source computing device 102 may select local destination computing devices 106 for which to permit access to the content. To do so, the source computing device 102 may execute a method 600 as shown in FIG. 6. The illustrative method 600 begins with block 602 in which the source computing device 102 determines whether to identify local destination computing devices 106 for selection. If so, the source computing device 102 may communicate with nearby computing devices (i.e., local destination computing devices 106 within the local environment 108) in block 604 to determine the locations of those computing devices 106 (e.g., absolute or relative to the source computing device 102). For example, in some embodiments, the source computing device 102 transmits a signal (e.g., a ping signal or beacon) to the local destination computing devices 106 requesting geographical location information of the local destination computing devices 106 or some other response. It should be appreciated that, in many circumstances, the source computing device 102 may utilize the geographical location information and/or other response information (e.g., response time) to determine at least an approximate location (e.g., distance from the source computing device 102) of the local destination computing devices 106.

In block 606, the source computing device 102 may determine an audio proximity of the local destination computing devices 106 in some embodiments. As indicated above, local destination computing devices 106 determined to be in very close geographical proximity to the source computing device 102 may nonetheless be “out of ear shot” from the source computing device 102. As such, the source computing device 102 may, for example, analyze audio input of the source computing device 102 and request audio input from the destination computing devices 106 for analysis to determine whether the same sounds are “heard” by the source computing device 102 and the destination computing devices 106. If the source computing device 102 and a destination computing device 106 within a near geographical proximity of the source computing device 102 “hear” the same audio, the devices 102, 106 are likely within “ear shot” of one another. It should be appreciated that, in some embodiments, the destination computing devices 106 may analyze their corresponding audio input and generate audio profiles for transmission to the source computing device 102 and comparison to a corresponding audio profile generated by the source computing device 102.

In block 608, the source computing device 102 may identify those local destination computing devices 106 with a nearby social network proximity to the source computing device 102. For example, as discussed above, the source computing device 102 may determine whether any of the local destination computing devices 106 is “checked in” to a same location on a social network application as the source computing device 102. Of course, the source computing device 102 may use other mechanisms to determine whether the local destination computing devices 106 are within social network proximity to the source computing device 102 in other embodiments.

In block 610, the source computing device 102 determines whether the local destination computing devices 106 are capable of enforcing the content use policy. As discussed above, in some embodiments, the local destination computing devices 106 may require certain hardware, firmware, and/or software (e.g., Intel® Data Use Control components) that enable the local destination computing devices 106 to interpret the secure content package and enforce the content use policy to be generated. In block 612, the source computing device 102 determines whether any of the local destination computing devices 106 have been identified as being able to enforce the content use policy. It should be appreciated that, if none of the local destination computing devices 106 can enforce the content use policy, none of those devices may be selected for access to the content and, therefore, the method 600 terminates.

However, if the source computing device 102 identifies local destination computing devices 106 that can enforce the content use policy, the source computing device 102 provides a list of possible local destination computing devices 106 to the user for selection in block 614. In some embodiments, the list may include the local destination computing devices 106 and information and/or parameters associated with the particular local destination computing devices 106. For example, the list may identify, for one or more of the local destination computing devices 106 (e.g., for each of them), a physical range of the local destination computing device 106 to the source computing device 102, a likelihood that the local destination computing device 106 is within an audio proximity of the source computing device 102, whether the local destination computing device 106 is within a social network proximity of the source computing device 102, and/or other information regarding the local destination computing device 106. In other embodiments, the list may include only those local destination computing devices 106 that meet certain criteria (e.g., geographical location, audio proximity, and/or social network proximity criteria). As such, the local destination computing devices 106 included on the list may be a filtered set of the nearby computing devices. Additionally, in some embodiments, the source computing device 102 may present a list of users of the local destination computing devices 106 to the user of the source computing device 102 (e.g., in circumstances in which the local destination computing devices 106 are multi-user systems).

In block 616, the source computing device 102 receives the user's selections of the users and/or local destination computing devices 106 with which to share the content. Of course, in some embodiments, the user may also select proximity requirements that must be maintained in order for the local destination computing devices 106 to continue to access the content. In block 618, the source computing device 102 adds the users, the local destination computing devices 106, and/or proximity information to the content use policy for the content. In embodiments in which the user does not select any local destination computing devices 106, the source computing device 102 may establish the content use policy using other mechanisms (e.g., a default content use policy).
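The audio profile comparison of block 606 can be illustrated with the following added example, which is not part of the original disclosure. The disclosure does not specify how an audio profile is computed or compared; the per-frame log-energy profile, the correlation score, the lag search, the 0.8 threshold, and all function names here are assumptions, and the audio is synthetic.

```python
import math
import random

SAMPLE_RATE = 8000        # assumed sample rate (Hz)
FRAME = 400               # 50 ms frames at the assumed sample rate
EAR_SHOT_THRESHOLD = 0.8  # assumed policy threshold, not from the disclosure


def energy_profile(samples, frame=FRAME):
    """Reduce raw audio to an audio profile: log10 RMS energy per frame.

    Only this short profile, not the recording, has to leave the device.
    """
    profile = []
    for start in range(0, len(samples) - frame + 1, frame):
        chunk = samples[start:start + frame]
        rms = math.sqrt(sum(s * s for s in chunk) / frame)
        profile.append(math.log10(rms + 1e-9))
    return profile


def pearson(a, b):
    """Pearson correlation of two profiles, truncated to the shorter one."""
    n = min(len(a), len(b))
    if n < 2:
        return 0.0
    a, b = a[:n], b[:n]
    mean_a, mean_b = sum(a) / n, sum(b) / n
    cov = sum((x - mean_a) * (y - mean_b) for x, y in zip(a, b))
    var_a = sum((x - mean_a) ** 2 for x in a)
    var_b = sum((y - mean_b) ** 2 for y in b)
    if var_a < 1e-12 or var_b < 1e-12:
        return 0.0  # a flat profile (digital silence) is no evidence of co-location
    return cov / math.sqrt(var_a * var_b)


def audio_proximity(profile_a, profile_b, max_lag=3):
    """Best correlation over small frame offsets, to tolerate capture skew."""
    best = -1.0
    for lag in range(-max_lag, max_lag + 1):
        if lag >= 0:
            score = pearson(profile_a[lag:], profile_b)
        else:
            score = pearson(profile_a, profile_b[-lag:])
        best = max(best, score)
    return best


def within_ear_shot(profile_a, profile_b, threshold=EAR_SHOT_THRESHOLD):
    """Decision a source device could attach to a candidate in its list."""
    return audio_proximity(profile_a, profile_b) >= threshold


# --- Constructed sample input (synthetic, for illustration only) ---
def room_sound(seed, n_frames=60):
    """A 440 Hz tone whose loudness changes every frame, seeded per room."""
    rng = random.Random(seed)
    out = []
    for _ in range(n_frames):
        level = rng.uniform(0.05, 1.0)
        out.extend(level * math.sin(2 * math.pi * 440 * i / SAMPLE_RATE)
                   for i in range(FRAME))
    return out


def heard_by(sound, gain, noise_seed, delay_samples=0):
    """What one microphone captures: attenuated, delayed, with its own noise."""
    rng = random.Random(noise_seed)
    delayed = [0.0] * delay_samples + sound
    return [gain * s + rng.gauss(0.0, 0.01) for s in delayed]


def demo():
    """Return (same-room score, other-room score) for the constructed audio."""
    room_a, room_b = room_sound(seed=1), room_sound(seed=2)
    source = energy_profile(heard_by(room_a, gain=1.0, noise_seed=10))
    same_room = energy_profile(heard_by(room_a, 0.6, 11, delay_samples=2 * FRAME))
    next_room = energy_profile(heard_by(room_b, 0.6, 12))
    return (audio_proximity(source, same_room),
            audio_proximity(source, next_room))


if __name__ == "__main__":
    same, other = demo()
    print(f"same room:  {same:.3f}")
    print(f"other room: {other:.3f}")
```

A profile is only as trustworthy as the device that reports it, which is why the disclosure pairs this measurement with the capability check of block 610.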

Referring back to FIG. 5, the source computing device 102 generates the content use policy based on the determined access policy permissions and the determined location policy permissions. In block 516, the source computing device 102 generates a secure content package for the content to share. In the illustrative embodiment, in doing so, the source computing device 102 encrypts the content in block 518 and stores the encrypted content, an encrypted version of the content decryption key, and the content use policy as a secure content package in block 520. For example, as discussed above, the source computing device 102 may encrypt the content using any suitable cryptographic algorithm (e.g., using a symmetric or asymmetric encryption cryptographic key), and the corresponding decryption key (i.e., the content decryption key) may be encrypted with a suitable cryptographic key (e.g., by a public key of a one-to-one or one-to-many cryptographic key pair corresponding with a private key of the destination computing devices 106, 114 such as, for example, a hardware key of the secure engine 224) and stored in the secure content package. It should be appreciated that, in other embodiments, the content decryption key may not be included in the secure content package as described above. Further, depending on the particular embodiment, the secure content package itself may be further encrypted with a suitable cryptographic key. In block 522, the source computing device 102 transmits the secure content package to a destination computing device 106, 114 (e.g., a destination computing device 106, 114 requesting the content) or an intermediary device (e.g., a server for a social network application or a cloud storage device).

Referring now to FIG. 7, in use, a destination computing device 106, 114 may execute a method 700 for securely accessing content of the source computing device 102. The illustrative method 700 begins with block 702 in which the destination computing device 106, 114 determines whether to access the content. If so, in block 704, the destination computing device 106, 114 requests selected content (e.g., content selected by a user of the destination computing device 106, 114). Depending on the particular embodiment and the storage location of the requested content, the content may be requested from the source computing device 102 or a server (e.g., a storage server for a social network application), or may be received from the source computing device 102 without prompting (in which case the destination computing device 106, 114 may perform a handshake with the source computing device 102 in block 704). In block 706, the destination computing device 106, 114 receives a secure content package from the source computing device 102 (or indirectly via one or more servers). As discussed above with regard to FIGS. 3-5, the secure content package includes the encrypted content and a content use policy for the content and, depending on the particular embodiment, may also include an encrypted version of a content decryption key that may be used to decrypt the encrypted content.

In block 708, the destination computing device 106, 114 determines whether the destination computing device 106, 114 is compatible with the content use policy. That is, as discussed above, the destination computing device 106, 114 determines whether it is able to manage the secure content package (e.g., decrypt the package and/or decryption key in embodiments in which one or more is encrypted) and enforce the content use policy. If not, the destination computing device 106, 114 may delete the secure content package in block 710 and terminate execution of the method 700. However, if the destination computing device 106, 114 determines that it is compatible with the content use policy, the destination computing device 106, 114 authenticates the user and/or the destination in block 712. For example, to authenticate the current user of the destination computing device 106, 114, the destination computing device 106, 114 may capture biometric data of the current user in real time and compare the captured biometric data to a biometric profile stored on the destination computing device 106, 114. In other embodiments, the current user may enter login information or be otherwise authenticated. Additionally, in some embodiments, the destination computing device 106, 114 or components thereof (e.g., the security engine 224) may be authenticated using, for example, attestation algorithms to verify the integrity and/or security of the destination computing device 106, 114. Of course, in other embodiments, the destination computing device 106, 114 may not authenticate one or more of the user or the destination computing device 106, 114 itself.

In block 714, the destination computing device 106, 114 determines whether the user and the destination computing device 106, 114 have been successfully authenticated. If not, the destination computing device 106, 114 may delete the secure content package in block 710 and/or terminate execution of the method 700. However, if the user and the destination computing device 106, 114 have been authenticated, the destination computing device 106, 114 accesses the content use policy from the secure content package in block 716. As discussed above, in some embodiments, the secure content package may be encrypted with a cryptographic encryption key corresponding with a cryptographic decryption key stored on or otherwise accessible by the destination computing device 106, 114. In those circumstances, the destination computing device 106, 114 decrypts the secure content package to access the content use policy associated with the content desired to be accessed.

In block 718, the destination computing device 106, 114 determines whether the destination computing device 106 is authorized to access the content at the current location of the destination computing device 106, 114 based on the content use policy. That is, the destination computing device 106, 114 determines both whether it is permitted to access the content at all and, if so, determines whether it is permitted to access the content while the destination computing device 106, 114 is located at its current location. Specifically, the destination computing device 106, 114 determines its current geographical location and/or proximity (e.g., audio proximity and/or social network proximity) relative to the source computing device 102 or another location depending on the content use policy for the content to be accessed and whether the location policy requirements are met based on such determinations. If not, the destination computing device 106, 114 may delete the secure content package and/or otherwise terminate the method 700.

However, if the destination computing device 106, 114 is authorized to access the content, the method 700 advances to block 720 of FIG. 8 in which the destination computing device 106, 114 retrieves the content decryption key. As discussed above, in embodiments in which the content decryption key is itself encrypted (e.g., in the secure content package), the destination computing device 106, 114 may decrypt the content decryption key itself using a suitable decryption key (e.g., a hardware key of the destination computing device 106, 114). However, as discussed above, the destination computing device 106, 114 may, in other embodiments, retrieve the content decryption key from a key management server, or the content decryption key may itself be a cryptographic key of the destination computing device 106, 114 (e.g., a hardware key) or be otherwise accessible to the destination computing device 106, 114. In such embodiments, the destination computing device 106, 114 retrieves the content decryption key from the corresponding device or component.

In block 722, the destination computing device 106, 114 decrypts the encrypted content using the content decryption key to access the desired content. In block 724, the destination computing device 106, 114 securely renders the content on one or more output devices 222 of the destination computing device 106, 114. As discussed above, the destination computing device 106, 114 may utilize the secured media path module 404 and the secure media path circuitry 226 for hardware reinforced security and to facilitate the secure transmission of data to the output devices 222.

As discussed herein, although the destination computing device 106, 114 may initially be permitted to access the content under the content use policy, circumstances may change such that the destination computing device 106, 114 is no longer permitted under the content use policy to have such access. As such, the destination computing device 106, 114 continuously, periodically, or in response to one or more conditions (e.g., a change in location or access attempt) reevaluates compliance with the content use policy for the content to enforce the policy. In particular, the destination computing device 106, 114 enforces the access policy in block 726 and enforces the location policy in block 728.

In at least one embodiment, the destination computing device 106, 114 may enforce the access policy by executing a method 900 as shown in FIG. 9. The illustrative method 900 begins with block 902 in which the destination computing device 106, 114 determines whether to enforce the access policy. If so, the destination computing device 106, 114 determines whether a user of the destination computing device 106, 114 has attempted to modify or transmit the content in block 904. The destination computing device 106, 114 further determines, in block 906, whether the attempted modification or transmission is authorized by the access policy (i.e., of the content use policy) if the destination computing device 106, 114 determines that the user has, in fact, attempted to modify or transmit the content. If the destination computing device 106, 114 determines in block 906 that the modification or transmission is unauthorized, the destination computing device 106, 114 prevents the modification/transmission in block 908. However, if the attempted modification or transmission is authorized by the access policy, the destination computing device 106, 114 modifies or transmits the content as attempted in block 910. Further, in block 912, the destination computing device 106, 114 may update the provenance of the content based on the modification or transmission. For example, the provenance may be updated with the time, device, and other parameters/characters associated with a particular content modification. Regardless of whether the modification/transmission is prevented in block 908 or performed in block 910, the method 900 returns to block 902 in which the destination computing device 106, 114 determines whether to continue enforcing the access policy.

The destination computing device 106, 114 may enforce the location policy by executing a method 1000 as shown in FIG. 10. The illustrative method 1000 begins with block 1002 in which the destination computing device 106, 114 determines whether to enforce the location policy. If so, the destination computing device 106, 114 determines its location in block 1004. As discussed in greater detail above, in doing so, the destination computing device 106, 114 may determine its geographical location (e.g., its absolute geographical location or geographical location relative to the source computing device 102 or another reference point) in block 1006. In block 1008, the destination computing device 106, 114 may determine its audio proximity to the source computing device 102. For example, the destination computing device 106, 114 may determine a likelihood that it is within a predefined “conversational distance” or “ear shot” of the source computing device 102. Further, in block 1010, the destination computing device 106, 114 may determine a social network proximity to the source computing device 102. As discussed above, the destination computing device 106, 114 may be within social network proximity to the source computing device 102 if a user of the destination computing device 106, 114 is, for example, “checked in” to a same location (e.g., an identified geographical location) as a user of the source computing device 102.

In block 1012, the destination computing device 106, 114 determines whether it is within an authorized location (i.e., including proximity requirements) based on the location policy (e.g., by comparing the results of the determinations of block 1004 to the location policy). If so, the method 1000 returns to block 1002 in which the destination computing device 106, 114 determines whether to continue enforcing the location policy. However, if the destination computing device 106, 114 is not within an authorized location, the destination computing device 106, 114 performs one or more location policy enforcement operations in block 1014. For example, as discussed above, the destination computing device 106, 114 may delete the decrypted content and the content decryption key in block 1016. In the illustrative embodiment, the destination computing device 106, 114 is thereafter unable to access the decrypted content unless circumstances change such that the destination computing device 106, 114 is again permitted access (e.g., the destination computing device 106, 114 returns to an authorized location). In some embodiments, to determine whether the destination computing device 106, 114 is subsequently granted access to the content, the destination computing device 106, 114 may re-execute the method 700 or a portion thereof. It should be appreciated that, by doing so, the source computing device 102 is able to exert control over the content even after transmitting the content to the destination computing device 106, 114 by virtue of the content use policy associated with the content. Additionally, in some embodiments, the destination computing device 106, 114 also deletes the secure content package in block 1018. Of course, in other embodiments, the destination computing device 106, 114 may perform other location policy enforcement operations as discussed above.
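One pass of the location policy enforcement of method 1000 (blocks 1004 through 1018) is sketched below as an added example; it is not code from the disclosure. The class and field names, the geofence radius test, and the choice to treat a missing measurement as non-compliance are assumptions, and the coordinates and byte strings are constructed sample values.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_M = 6_371_000


@dataclass(frozen=True)
class LocationPolicy:
    """Location part of a content use policy (field names are hypothetical)."""
    center: Tuple[float, float]                  # authorized (lat, lon), degrees
    radius_m: float                              # permitted distance from center
    min_audio_proximity: Optional[float] = None  # None: not required
    required_checkin: Optional[str] = None       # social network check-in


@dataclass(frozen=True)
class Reading:
    """Results of blocks 1006, 1008 and 1010; None means 'could not measure'."""
    position: Optional[Tuple[float, float]] = None
    audio_proximity: Optional[float] = None
    checkin: Optional[str] = None


def haversine_m(a, b):
    """Great-circle distance in meters between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def location_authorized(policy, reading):
    """Block 1012. Assumption: fail closed when a required reading is missing."""
    if reading.position is None:
        return False, "no position fix"
    if haversine_m(policy.center, reading.position) > policy.radius_m:
        return False, "outside authorized area"
    if policy.min_audio_proximity is not None:
        if (reading.audio_proximity is None
                or reading.audio_proximity < policy.min_audio_proximity):
            return False, "audio proximity not met"
    if policy.required_checkin is not None:
        if reading.checkin != policy.required_checkin:
            return False, "social network proximity not met"
    return True, "authorized"


class ContentSession:
    """Holds decrypted content and its key only while the policy is satisfied."""

    def __init__(self, policy, content_key, plaintext, package):
        self.policy = policy
        self.content_key = bytearray(content_key)
        self.plaintext = bytearray(plaintext)
        self.package = package          # opaque secure content package bytes

    def enforce(self, reading, delete_package=False):
        """One pass of method 1000; returns (authorized, reason)."""
        ok, reason = location_authorized(self.policy, reading)
        if not ok:
            self._wipe(delete_package)  # block 1014
        return ok, reason

    def _wipe(self, delete_package):
        # Block 1016: overwrite, then drop, the key and the decrypted content.
        # In Python this is best effort; the disclosure places this logic in a
        # secure environment where erasure can actually be guaranteed.
        for buf in (self.content_key, self.plaintext):
            if buf is not None:
                for i in range(len(buf)):
                    buf[i] = 0
        self.content_key = None
        self.plaintext = None
        if delete_package:              # block 1018
            self.package = None

    def render(self):
        """Return the content, or refuse once it has been wiped."""
        if self.plaintext is None:
            raise PermissionError("content wiped; re-run the access method")
        return bytes(self.plaintext)


if __name__ == "__main__":
    # Constructed sample values.
    policy = LocationPolicy(center=(45.0, -122.0), radius_m=100.0,
                            min_audio_proximity=0.8)
    session = ContentSession(policy, b"\x01" * 32, b"group picture", b"package")
    print(session.enforce(Reading((45.0005, -122.0), 0.93)))  # about 56 m away
    print(session.enforce(Reading((45.01, -122.0), 0.93)))    # about 1.1 km away
```

Returning to an authorized location makes `enforce` report compliance again, but the wiped content stays unavailable until the access method is re-executed, matching the re-execution of method 700 described above.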

EXAMPLES

Illustrative examples of the technologies disclosed herein are provided below. An embodiment of the technologies may include any one or more, and any combination of, the examples described below.

Example 1 includes a source computing device for distributing secure content, the source computing device comprising a secure content use policy generation module to determine a content use policy for content of the source computing device, wherein the content use policy defines at least one location at which a destination computing device is permitted to access the content; a secure content generation module to (i) encrypt the content with an encryption key to generate encrypted content and (ii) generate a secure content package that includes the encrypted content and the content use policy; and a communication module to transmit the secure content package to the destination computing device.

Example 2 includes the subject matter of Example 1, and wherein the content use policy defines a proximity from the at least one location within which the destination computing device is permitted to access the content.

Example 3 includes the subject matter of any of Examples 1 and 2, and wherein the content use policy defines a measure of audio proximity from the at least one location within which the destination computing device is permitted to access the content.

Example 4 includes the subject matter of any of Examples 1-3, and wherein the content use policy defines a measure of social network proximity to the source computing device within which the destination computing device is permitted to access the content.

Example 5 includes the subject matter of any of Examples 1-4, and wherein the content use policy defines access policy permissions for the content that identify authorized uses of the content by the destination computing device.

Example 6 includes the subject matter of any of Examples 1-5, and wherein the secure content package comprises a Data Use Control object.

Example 7 includes the subject matter of any of Examples 1-6, and wherein the secure content generation module is to encrypt the secure content package with an asymmetric cryptographic encryption key corresponding with a decryption key of the destination computing device.

Example 8 includes the subject matter of any of Examples 1-7, and further including a device proximity determination module to communicate with nearby computing devices to determine corresponding locations of the nearby computing devices, wherein to determine the content use policy comprises to identify at least one of the nearby computing devices for a user of the source computing device in response to a determination that the at least one of the nearby computing devices is capable of enforcing the content use policy; receive a selection from a user of the source computing device of the identified nearby computing device capable of enforcing the content use policy for which to permit access to the content; and modify the content use policy based on the user's selection.

Example 9 includes the subject matter of any of Examples 1-8, and wherein the device proximity determination module is to determine an audio proximity of the at least one of the nearby computing devices to the source computing device.

Example 10 includes the subject matter of any of Examples 1-9, and wherein the device proximity determination module is to determine a social networking proximity of the at least one of the nearby computing devices to the source computing device, wherein two devices identified as being at a same geographical location on a social networking application are considered to be within social network proximity of one another.

Example 11 includes the subject matter of any of Examples 1-10, and wherein the generated secure content package further includes an encrypted version of a decryption key corresponding with the encryption key.

Example 12 includes the subject matter of any of Examples 1-11, and wherein the secure content generation module is to encrypt the decryption key with an asymmetric cryptographic encryption key corresponding with a decryption key of the destination computing device to generate the encrypted version of the decryption key.

Example 13 includes the subject matter of any of Examples 1-12, and wherein the secure content generation module is to encrypt the content with an encryption key received from a key management server.

Example 14 includes a destination computing device for accessing content of a source computing device, the destination computing device comprising a communication module to receive a secure content package including encrypted content and a content use policy associated with the content, wherein the content use policy defines at least one location at which the destination computing device is permitted to access the content; a sensor monitoring module to determine a location of the destination computing device; and a secure content use policy enforcement module to (i) determine whether the destination computing device is permitted to access the content at the determined location based on the content use policy, (ii) decrypt the encrypted content with a decryption key to generate the content in response to a determination that the destination computing device is permitted to access the content, and (iii) enforce the content use policy based on a current location of the destination computing device.

Example 15 includes the subject matter of Example 14, and wherein to receive the secure content package comprises to receive the secure content package in response to a request, by the destination computing device, to access the content.

Example 16 includes the subject matter of any of Examples 14 and 15, and wherein the secure content package comprises a Data Use Control object.

Example 17 includes the subject matter of any of Examples 14-16, and wherein to determine whether the destination computing device is permitted to access the content comprises to access the content use policy from the secure content package.

Example 18 includes the subject matter of any of Examples 14-17, and further including a secure content policy identification module to (i) decrypt the secure content package with a decryption key of the destination computing device and (ii) access the content use policy from the secure content package in response to decryption of the secure content package, wherein to decrypt the encrypted content is further in response to decryption of the secure content package.

Example 19 includes the subject matter of any of Examples 14-18, and further including a user authentication module to (i) authenticate a user of the destination computing device and (ii) determine whether the user is permitted to access the content, wherein to determine whether the destination computing device is permitted to access the content further comprises to determine whether the user is permitted to access the content.

Example 20 includes the subject matter of any of Examples 14-19, and wherein to determine whether the destination computing device is permitted to access the content comprises to determine whether the destination computing device is compatible with the secure content package and capable of enforcing the content use policy.

Example 21 includes the subject matter of any of Examples 14-20, and further including an output device to securely render the content.

Example 22 includes the subject matter of any of Examples 14-21, and wherein to enforce the content use policy comprises to prevent an unauthorized use of the content by the destination computing device based on the content use policy.

Example 23 includes the subject matter of any of Examples 14-22, and wherein to prevent the unauthorized use comprises to prevent at least one of an unauthorized modification of the content or an unauthorized transmission of the content to another computing device.

Example 24 includes the subject matter of any of Examples 14-23, and wherein to determine the location of the destination computing device comprises to determine at least one of an audio proximity or a social network proximity of the destination computing device to the source computing device.

Example 25 includes the subject matter of any of Examples 14-24, and wherein to enforce the content use policy comprises to determine the current location of the destination computing device; and perform a location policy enforcement operation in response to a determination that the content use policy does not permit the destination computing device to access the content at the current location.

Example 26 includes the subject matter of any of Examples 14-25, and wherein to determine the current location of the destination computing device comprises to determine a geographical location of the destination computing device and at least one of an audio proximity or a social network proximity of the destination computing device to the source computing device.

Example 27 includes the subject matter of any of Examples 14-26, and wherein to perform the location policy enforcement operation comprises to delete the content and the decryption key from a memory of the destination computing device.

Example 28 includes the subject matter of any of Examples 14-27, and wherein the received secure content package further includes an encrypted version of the decryption key; and the secure content use policy enforcement module is to decrypt the encrypted content with the decryption key in response to decryption of the encrypted version of the decryption key.

Example 29 includes the subject matter of any of Examples 14-28, and wherein to decrypt the encrypted version of the decryption key comprises to decrypt the encryption version with a corresponding decryption key of the destination computing device.

Example 30 includes the subject matter of any of Examples 14-29, and wherein to decrypt the encrypted content comprises to decrypt the encrypted content with the decryption key in response to receipt of the decryption key from a key management server.

Example 31 includes a method for distributing secure content by a source computing device, the method comprising determining, by the source computing device, a content use policy for content of the source computing device, wherein the content use policy defines at least one location at which a destination computing device is permitted to access the content; encrypting, by the source computing device, the content with an encryption key to generate encrypted content; generating, by the source computing device, a secure content package including the encrypted content and the content use policy; and transmitting, by the source computing device, the secure content package to the destination computing device.

Example 32 includes the subject matter of Example 31, and wherein determining the content use policy comprises determining a content use policy that defines a proximity from the at least one location within which the destination computing device is permitted to access the content.

Example 33 includes the subject matter of any of Examples 31 and 32, and wherein determining the content use policy comprises determining a content use policy that defines a measure of audio proximity from the at least one location within which the destination computing device is permitted to access the content.

Example 34 includes the subject matter of any of Examples 31-33, and wherein determining the content use policy comprises determining a content use policy that defines a measure of social network proximity to the source computing device within which the destination computing device is permitted to access the content.

Example 35 includes the subject matter of any of Examples 31-34, and wherein determining the content use policy comprises determining access policy permissions for the content, wherein the access policy permissions define authorized uses of the content by the destination computing device.

Example 36 includes the subject matter of any of Examples 31-35, and wherein generating the secure content package comprises generating a Data Use Control object.

Example 37 includes the subject matter of any of Examples 31-36, and wherein generating the secure content package comprises encrypting the secure content package with an asymmetric cryptographic encryption key corresponding with a decryption key of the destination computing device.

Example 38 includes the subject matter of any of Examples 31-37, and wherein determining the content use policy comprises communicating with nearby computing devices to determine corresponding locations of the nearby computing devices; identifying at least one of the nearby computing devices for a user of the source computing device in response to determining the at least one of the nearby computing devices is capable of enforcing the content use policy; receiving a selection from a user of the source computing device of the identified nearby computing device capable of enforcing the content use policy for which to permit access to the content; and modifying the content use policy based on the user's selection.

Example 39 includes the subject matter of any of Examples 31-38, and wherein determining the content use policy further comprises determining an audio proximity of the at least one of the nearby computing devices to the source computing device.

Example 40 includes the subject matter of any of Examples 31-39, and wherein determining the content use policy further comprises determining a social networking proximity of the at least one of the nearby computing devices to the source computing device, wherein two devices identified as being at a same geographical location on a social networking application are considered to be within social network proximity of one another.

Example 41 includes the subject matter of any of Examples 31-40, and wherein the generated secure content package further includes an encrypted version of a decryption key corresponding with the encryption key.

Example 42 includes the subject matter of any of Examples 31-41, and further including encrypting, by the source computing device, the decryption key with an asymmetric cryptographic encryption key corresponding with a decryption key of the destination computing device to generate the encrypted version of the decryption key.

Example 43 includes the subject matter of any of Examples 31-42, and wherein encrypting the content comprises encrypting the content with an encryption key received from a key management server.

Example 44 includes a computing device comprising a processor; and a memory having stored therein a plurality of instructions that when executed by the processor cause the computing device to perform the method of any of Examples 31-43.

Example 45 includes one or more machine-readable storage media comprising a plurality of instructions stored thereon that, in response to being executed, result in a computing device performing the method of any of Examples 31-43.

Example 46 includes a computing device for distributing secure content, the computing device comprising means for performing the method of any of Examples 31-43.

Example 47 includes a method for accessing content by a destination computing device, the method comprising receiving, by the destination computing device, a secure content package including encrypted content and a content use policy associated with the content, wherein the content use policy defines at least one location at which the destination computing device is permitted to access the content; determining, by the destination computing device, a location of the destination computing device; determining, by the destination computing device and based on the content use policy, whether the destination computing device is permitted to access the content at the determined location; decrypting, by the destination computing device, the encrypted content with a decryption key to generate the content in response to determining that the destination computing device is permitted to access the content; and enforcing, by the destination computing device, the content use policy based on a current location of the destination computing device.

Example 48 includes the subject matter of Example 47, and wherein receiving the secure content package comprises receiving the secure content package in response to requesting, by the destination computing device, access to the content.

Example 49 includes the subject matter of any of Examples 47 and 48, and wherein receiving the secure content package comprises receiving a Data Use Control object.

Example 50 includes the subject matter of any of Examples 47-49, and wherein determining whether the destination computing device is permitted to access the content comprises accessing the content use policy from the secure content package.

Example 51 includes the subject matter of any of Examples 47-50, and further including decrypting, by the destination computing device, the secure content package with a decryption key of the destination computing device; and accessing the content use policy from the secure content package in response to decrypting the secure content package, wherein decrypting the encrypted content is further in response to decrypting the secure content package.

Example 52 includes the subject matter of any of Examples 47-51, and wherein determining whether the destination computing device is permitted to access the content comprises authenticating a user of the destination computing device; and determining whether the user is permitted to access the content.

Example 53 includes the subject matter of any of Examples 47-52, and wherein determining whether the destination computing device is permitted to access the content comprises determining whether the destination computing device is compatible with the secure content package and capable of enforcing the content use policy.

Example 54 includes the subject matter of any of Examples 47-53, and further including rendering, securely by the destination computing device, the content on an output device of the destination computing device.

Example 55 includes the subject matter of any of Examples 47-54, and wherein enforcing the content use policy comprises preventing an unauthorized use of the content by the destination computing device based on the content use policy.

Example 56 includes the subject matter of any of Examples 47-55, and wherein preventing the unauthorized use comprises preventing at least one of an unauthorized modification of the content or an unauthorized transmission of the content to another computing device.

Example 57 includes the subject matter of any of Examples 47-56, and wherein determining the location of the destination computing device comprises determining at least one of an audio proximity or a social network proximity of the destination computing device to a source computing device.

Example 58 includes the subject matter of any of Examples 47-57, and wherein enforcing the content use policy comprises determining the current location of the destination computing device; and performing a location policy enforcement operation in response to determining that the content use policy does not permit the destination computing device to access the content at the current location.

Example 59 includes the subject matter of any of Examples 47-58, and wherein determining the current location of the destination computing device comprises determining a geographical location of the destination computing device and at least one of an audio proximity or a social network proximity of the destination computing device to a source computing device.

Example 60 includes the subject matter of any of Examples 47-59, and wherein performing the location policy enforcement operation comprises deleting the content and the decryption key from a memory of the destination computing device.

Example 61 includes the subject matter of any of Examples 47-60, and wherein the received secure content package further includes an encrypted version of the decryption key; and decrypting the encrypted content comprises decrypting the encrypted content with the decryption key in response to decrypting the encrypted version of the decryption key.

Example 62 includes the subject matter of any of Examples 47-61, and wherein decrypting the encrypted version of the decryption key comprises decrypting the encryption version with a corresponding decryption key of the destination computing device.

Example 63 includes the subject matter of any of Examples 47-62, and wherein decrypting the encrypted content comprises decrypting the encrypted content with the decryption key in response to receiving the decryption key from a key management server.

Example 64 includes a computing device comprising a processor; and a memory having stored therein a plurality of instructions that when executed by the processor cause the computing device to perform the method of any of Examples 47-63.

Example 65 includes one or more machine-readable storage media comprising a plurality of instructions stored thereon that, in response to being executed, result in a computing device performing the method of any of Examples 47-63.

Example 66 includes a computing device for accessing content, the computing device comprising means for performing the method of any of Examples 47-63.

1-25. (canceled)
26. A method for distributing secure content by a source computing device, the method comprising: determining, by the source computing device, a content use policy for content of the source computing device, wherein the content use policy defines at least one location at which a destination computing device is permitted to access the content; encrypting, by the source computing device, the content with an encryption key to generate encrypted content; generating, by the source computing device, a secure content package including the encrypted content and the content use policy; and transmitting, by the source computing device, the secure content package to the destination computing device.
27. The method of claim 26, wherein determining the content use policy comprises determining a content use policy that defines a proximity from the at least one location within which the destination computing device is permitted to access the content.
28. The method of claim 27, wherein determining the content use policy comprises determining a content use policy that defines a measure of audio proximity from the at least one location within which the destination computing device is permitted to access the content.
29. The method of claim 26, wherein determining the content use policy comprises determining a content use policy that defines a measure of social network proximity to the source computing device within which the destination computing device is permitted to access the content.
30. The method of claim 26, wherein determining the content use policy comprises determining access policy permissions for the content, wherein the access policy permissions define authorized uses of the content by the destination computing device.
31. The method of claim 26, wherein generating the secure content package comprises encrypting the secure content package with an asymmetric cryptographic encryption key corresponding with a decryption key of the destination computing device.
32. The method of claim 26, wherein determining the content use policy comprises: communicating with nearby computing devices to determine corresponding locations of the nearby computing devices; identifying at least one of the nearby computing devices for a user of the source computing device in response to determining the at least one of the nearby computing devices is capable of enforcing the content use policy; receiving a selection from a user of the source computing device of the identified nearby computing device capable of enforcing the content use policy for which to permit access to the content; and modifying the content use policy based on the user's selection.
33. The method of claim 32, wherein determining the content use policy further comprises determining an audio proximity of the at least one of the nearby computing devices to the source computing device.
34. The method of claim 32, wherein determining the content use policy further comprises determining a social networking proximity of the at least one of the nearby computing devices to the source computing device, wherein two devices identified as being at a same geographical location on a social networking application are considered to be within social network proximity of one another.
35. A method for accessing content by a destination computing device, the method comprising: receiving, by the destination computing device, a secure content package including encrypted content and a content use policy associated with the content, wherein the content use policy defines at least one location at which the destination computing device is permitted to access the content; determining, by the destination computing device, a location of the destination computing device; determining, by the destination computing device and based on the content use policy, whether the destination computing device is permitted to access the content at the determined location; decrypting, by the destination computing device, the encrypted content with a decryption key to generate the content in response to determining that the destination computing device is permitted to access the content; and enforcing, by the destination computing device, the content use policy based on a current location of the destination computing device.
36. The method of claim 35, wherein receiving the secure content package comprises receiving the secure content package in response to requesting, by the destination computing device, access to the content.
37. The method of claim 35, wherein determining whether the destination computing device is permitted to access the content comprises accessing the content use policy from the secure content package.
38. The method of claim 37, further comprising: decrypting, by the destination computing device, the secure content package with a decryption key of the destination computing device; and accessing the content use policy from the secure content package in response to decrypting the secure content package, wherein decrypting the encrypted content is further in response to decrypting the secure content package.
39. The method of claim 35, wherein determining whether the destination computing device is permitted to access the content comprises: authenticating a user of the destination computing device; and determining whether the user is permitted to access the content.
40. The method of claim 35, wherein determining whether the destination computing device is permitted to access the content comprises determining whether the destination computing device is compatible with the secure content package and capable of enforcing the content use policy.
41. The method of claim 35, further comprising rendering, securely by the destination computing device, the content on an output device of the destination computing device.
42. The method of claim 35, wherein enforcing the content use policy comprises preventing an unauthorized use of the content by the destination computing device based on the content use policy, and preventing the unauthorized use comprises preventing at least one of an unauthorized modification of the content or an unauthorized transmission of the content to another computing device.
43. The method of claim 35, wherein determining the location of the destination computing device comprises determining at least one of an audio proximity or a social network proximity of the destination computing device to a source computing device.
44. The method of claim 35, wherein enforcing the content use policy comprises: determining the current location of the destination computing device; and performing a location policy enforcement operation in response to determining that the content use policy does not permit the destination computing device to access the content at the current location, wherein determining the current location of the destination computing device comprises determining a geographical location of the destination computing device and at least one of an audio proximity or a social network proximity of the destination computing device to a source computing device.
45. The method of claim 35, wherein: the received secure content package further includes an encrypted version of the decryption key; and decrypting the encrypted content comprises decrypting the encrypted content with the decryption key in response to decrypting the encrypted version of the decryption key, wherein decrypting the encrypted version of the decryption key comprises decrypting the encryption version with a corresponding decryption key of the destination computing device.